Contents of this Issue

Navigation

Page 40 of 68

KNISLEY: Rich, as an IT security leader for a retail company,
how do you work with asset protection professionals to protect
your company?
NOGUERA: First and foremost, it's important for me to be an
information resource helping my LP peers understand what my
team thinks is really happening in the digital space. As we move
closer to closing the gap between brick-and-mortar physical
space and digital space, it's going to be absolutely critical that
IT and LP partner more closely to understand what the threats
are, and how we react to those threats. Beyond that, it's very
important to partner with law enforcement. We need to get the
right actionable information to our law enforcement peers.
KNISLEY: Shawn, what is "actionable intelligence" that Rich
mentioned, and how does it help retailers be more secure?
HENRY: Actionable intelligence is really just information that you
can take some overt steps to respond to. Whether we're talking
about physical security or information security, it's not enough
to just react to what happened. If you're reactive, then something
bad has already occurred. We want to be proactive, we want to
make sure that we understand in advance what's coming around
the corner, and we want to know how to prepare for it.
One part of actionable intelligence is understanding who the
adversaries are. Who is likely to target you? What is it they're
looking for? What are the techniques or the tactics that they're
going to be employing against you? If you understand these
things in advance, if you understand who your adversaries are
and how they think, you are in a much better position to make
your organization and your network resilient and robust to
protect against them.
KNISLEY: Lou, we continue hearing about companies being
breached and critical data being lost, and often times the Secret
Service is tasked with working with these companies to investigate
a breach. Can you shed some light on law enforcement's role in
working with companies, and what a company's expectations of
law enforcement should be after a breach?
STEPHENS: First and foremost, when there's a data breach, the
company has been victimized, so they should expect to be treated
by law enforcement with the support and discretion that law
enforcement would provide any victim. That discretion is very
important. In our view, a breached network is like a crime scene.
There might not be a broken window or a broken door, but there
are digital equivalents on the network where the hackers broke in.
We want to find those clues, understand them, and try to trace them
backwards to where they came from.
Furthermore, we want to know what they did while they were
in the network. Are they still there? How long were they there?
What type of malware and hack tools did they deploy? This
information is really key evidence that, along with a company's
server logs, help us to understand exactly what happened, and
how they did it.
These cases are very technical. They are very complex. So
the outcome is much better when law enforcement works
hand-in-hand with companies very collaboratively and
transparently. One of the things that you can expect is for law
enforcement to want to work with you face-to-face to gather
evidence. We'll want to send over our investigators to work with
T
he 2014 Retail Industry Leaders Association (RILA) Asset Protection
Conference featured a panel discussion of the evolving cybersecurity
threat to retailers. (Left to right) Ryan Knisley, a security expert with
Accenture, moderated the panel that included Lou Stephens, special
agent in charge, United States Secret Service; Shawn Henry, president of
CrowdStrike Services; and Rich Noguera, head of information security,
Gap Inc. Following are excerpts from the discussion courtesy of RILA.
40
JULY - AUGUST 2014 | LPPORTAL.COM
DEALING WITH DATA BREACHES